bug-libtool
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Symlink Vulnerability in GNU libtool <1.5.2


From: Muders, Thomas
Subject: RE: Symlink Vulnerability in GNU libtool <1.5.2
Date: Thu, 5 Feb 2004 14:05:28 +0100

Hello,

> Hm, interesting. That is the exact same bug that I found. As for the
> race with chmod: Do you know of a really good way to exploit 
> this one? I
> can only think of pretty harmless things to do with this. You 
> could fix
> this by using something like:
> 
> (umask 077 && mkdir $tmpdir) || exit 1
> 

there is an option "-m" for mkdir which sets the mode on creation. That makes 
sense, anyway, as the syscall for mkdir has a "mode" argument, too.

Or are there portability issues with that one?

regards,
        Thomas

--
address@hidden        |  Johannes Gutenberg-Universität Mainz
Systemabteilung/Unix       |         Zentrum für Datenverarbeitung
Tel: +49-6131-39-26015     |                           55099 Mainz
Fax: +49-6131-39-56015     |                 Tel: +49-6131-3926300







reply via email to

[Prev in Thread] Current Thread [Next in Thread]